10 DevOps Kubernetes Interview Questions and Answers

Kubernetes has become a cornerstone in the DevOps ecosystem, revolutionizing the way applications are deployed, scaled, and managed. As an open-source container orchestration platform, Kubernetes automates many of the manual processes involved in deploying and managing containerized applications. Its ability to handle complex microservices architectures and ensure high availability makes it an essential tool for modern software development and operations.

This article offers a curated selection of interview questions designed to test your knowledge and proficiency with Kubernetes. By working through these questions, you will gain a deeper understanding of key concepts and best practices, preparing you to confidently tackle technical interviews and demonstrate your expertise in this critical area.

DevOps Kubernetes Interview Questions and Answers

1. Describe how Kubernetes handles service discovery and load balancing.

Kubernetes manages service discovery and load balancing using built-in features. For service discovery, it employs a DNS-based approach, assigning a DNS name to each service. CoreDNS resolves these names to the service endpoints’ IP addresses. Load balancing is handled by kube-proxy, which runs on each node and maintains network rules to distribute traffic across service pods. Kube-proxy supports several modes, including userspace, iptables, and IPVS, each offering different load balancing methods.

2. What is a StatefulSet and when would you use it?

A StatefulSet is a Kubernetes resource for managing stateful applications, ensuring the ordering and uniqueness of the pods it manages. Each pod has a stable network identity and persistent storage, maintained across rescheduling. This is useful for applications like databases and Kafka, where stable identifiers and persistent storage are necessary. Key features include stable network identifiers, ordered deployment and scaling, and persistent storage.

3. Describe how ConfigMaps and Secrets are used.

ConfigMaps store non-confidential configuration data in key-value pairs, allowing configuration to be decoupled from image content. Secrets store sensitive information like passwords and tokens, with stricter access controls. Both can be referenced in deployments to inject data into pods via environment variables, volume mounts, or command-line arguments.

Example of a ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: example-config
data:
  configKey: configValue

Example of a Secret:

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
type: Opaque
data:
  password: cGFzc3dvcmQ=

4. Write a YAML snippet to define a PersistentVolumeClaim.

A PersistentVolumeClaim (PVC) is a request for storage by a user. Here’s a YAML snippet to define a PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

5. How do you set resource limits for a container in a pod?

Resource limits in Kubernetes control the CPU and memory a container can use, ensuring no single container monopolizes node resources. Limits are defined in the pod’s YAML configuration under the resources field.

Example:

apiVersion: v1
kind: Pod
metadata:
  name: example-pod
spec:
  containers:
  - name: example-container
    image: nginx
    resources:
      limits:
        memory: "512Mi"
        cpu: "1"
      requests:
        memory: "256Mi"
        cpu: "0.5"

6. How would you implement network policies to restrict traffic between pods?

Network policies control traffic flow between pods, specifying how groups of pods can communicate. By default, all traffic is allowed, but policies can enforce security by restricting traffic based on rules. A network policy is defined using a YAML file, specifying pod selectors and ingress/egress rules.

Example:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-traffic
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
  egress:
  - to:
    - podSelector:
        matchLabels:
          role: backend

7. What are Kubernetes Operators and why are they useful?

Kubernetes Operators extend functionality by using custom resources to manage applications. Built with Custom Resource Definitions (CRDs) and controllers, Operators automate complex application management tasks, such as backups and updates, ensuring best practices are consistently followed.

8. Describe how Role-Based Access Control (RBAC) works.

RBAC in Kubernetes uses four components: Role, ClusterRole, RoleBinding, and ClusterRoleBinding. Roles define permissions within a namespace, while ClusterRoles apply cluster-wide. RoleBindings and ClusterRoleBindings associate these roles with users, groups, or service accounts.

Example of a Role and RoleBinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: "jane"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

9. What are Custom Resource Definitions (CRDs) and how are they used?

Custom Resource Definitions (CRDs) allow users to define their own resource types, extending the Kubernetes API. This enables the creation and management of custom resources, essential for building custom controllers and operators.

Example:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: myresources.example.com
spec:
  group: example.com
  versions:
    - name: v1
      served: true
      storage: true
  scope: Namespaced
  names:
    plural: myresources
    singular: myresource
    kind: MyResource
    shortNames:
    - mr

10. Discuss the tools and practices for monitoring and logging.

Monitoring and logging in Kubernetes involve tools like Prometheus, Grafana, and cAdvisor for monitoring, and the ELK Stack, Fluentd, and Fluent Bit for logging. Best practices include centralized logging, alerting, resource usage monitoring, and implementing log retention policies.